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Abstract —The smart grid is envisioned to significantly en¬ 
hance the efficiency of energy consumption, by utilizing two- 
way communication channels between consumers and operators. 
For example, operators can opportunistically leverage the delay 
tolerance of energy demands in order to balance the energy 
load over time, and hence, reduce the total operational cost. 
This opportunity, however, comes with security threats, as the 
grid becomes more vulnerable to cyber-attacks. In this paper, 
we study the impact of such malicious cyber-attacks on the 
energy efficiency of the grid in a simplified setup. More precisely, 
we consider a simple model where the energy demands of the 
smart grid consumers are intercepted and altered by an active 
attacker before they arrive at the operator, who is equipped 
with limited intrusion detection capabilities. We formulate the 
resulting optimization problems faced by the operator and the 
attacker and propose several scheduling and attack strategies for 
both parties. Interestingly, our results show that, as opposed to 
facilitating cost reduction in the smart grid. Increasing the delay 
tolerance of the energy demands potentially allows the attacker to 
force increased costs on the system. This highlights the need for 
carefully constructed and robust intrusion detection mechanisms 
at the operator. 


I. Introduction 

Over the past few years, the smart grid has received consid¬ 
erable momentum, exemplified in several regulatory and policy 
initiatives, and research efforts (see for example Q, lO and 
the references therein). Such research efforts have addressed a 
wide range topics spanning energy generation, transportation 
and storage technologies, sensing, control and prediction, and 
cyber-security gl, ID, HI, Q, 111. 

Demand response/load balancing and energy storage are two 
promising directions for enhancing the energy efficiency and 
reliability in the smart grid. Non-emergency demand response 
has the potential of lowering real-time electricity prices and 
reducing the need for additional energy sources. The basic 
idea is that, by utilizing two-way communication channels, the 
emergency level of each energy demand (at the end-users or 
central distribution stations) is sent to the grid operator that, in 
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turn, schedules these demands in a way flattens the load. 
Moreover, energy storage capabilities at the end-points offer 
more degrees of freedom to the operator, allowing for a higher 
efficiency gain. This potential gain, however, comes at the 
expense of the security threat posed by the vulnerability of the 
communication channels to interception and impersonation. 

In this work, we study the impact of the vulnerability of 
two-way communications on the energy efficiency of the smart 
grid. More specifically, we propose a new type of data integrity 
attack towards Advanced Metering Infrastructures (AMI), that 
captures the above scenario in the presence of a single stealthy 
attacker. In an AMI system, a wide area network (WAN) 
connects utilities to a set of gateways, which are connected 
to electricity meters through neighborhood area networks 
(NANs). As observed in El, neighborhood area networks is an 
attractive target of attacks, where a large number of devices are 
physically accessible with little security monitoring available. 
Moreover, since these derives are connected to networks, an 
attacker can potentially get access to a large amount of data by 
hacking into a few nodes or links in AMI ifTOl . As observed 
in im, all the three major types of nodes in AMI, namely, 
smart meters, data concentrators, and the AMI headend, are 
subject to attacks, with different amount of data that can be 
utilized by the attacker. 

In this work, we consider a simplified model of AMI, similar 
to IfT^ . that includes a grid operator and n consumers that may 
be capable of energy storage, harnessing the potential cost 
savings in the smart grid. Our analysis covers two models of 
energy demands. In the first (total-energy model), each demand 
includes the total amount of energy to be served, the service 
start time, and the deadline by which the requested energy 
should be delivered. In the second (constant-power model), 
each demand similarly has an arrival time and deadline, 
but the consumers ask for energy to be distributed across a 
specified number of time slots (a service time), with a power 
requirement in each slot. In both models, the consumers send 
their demands over separate communication channels to the 
operator. The grid operator attempts to schedule these demands 
so as to balance the load across a finite period of time, and 
hence minimize the total cost paid to serve these demands. 

In our model, we also assume the presence of a single 
attacker who is fully capable of intercepting and altering the 
consumer demands before they arrive at the operator (see 
Figure [^l. The end goal of the attacker, as opposed to the 
operator, is to maximize the operational cost paid by the system 
for these demands, hence reducing the energy efficiency of 
the system. We differentiate between two scenarios. The first 
corresponds to a naive operator who fully trusts the incoming 
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Fig. 1: A system model for a smart grid in the presence of a single 
attacker. The forward channels between the consumers and the grid 
operator are fully compromised by the attacker, (a, d, e) is the vector 
of the start times, deadlines and energy requirements of the consumer 
demands, respectively. 

energy demands, whereas in the second, a simple intrusion 
detection mechanism (to be discussed later) is assumed to 
be deployed by the operator. Rather intuitively, the attacker’s 
desire to remain undetected imposes more limitations on its 
capabilities, and hence, reduces the potential harm. This desire 
can be justihed, for example, by considering the long-term 
performance of the grid, where the total impact of successive 
attacks is more damaging when the attacker remains unde¬ 
tected. 

Based on the aforementioned assumptions, we hrst formu¬ 
late the optimization problems faced by the operator and the 
attacker. For the operator, when being oblivious to any attacks, 
a minimization problem needs to be solved. On the other hand, 
the attacker is aware of the optimal strategy employed by the 
operator, and hence, a maximin optimization problem needs 
to be solved. In our formulation, we limit the attack’s strength 
by the number of energy demands the attacker is capable of 
altering. For the case when the attacker is capable of altering 
all of the energy demands (the attacks thus reach their full 
potential and force the system to operate at the maximum 
achievable total cost), we show that the maximin problem 
actually reduces to a maximization problem. 

To the best of our knowledge, however, the impact of 
stealthy attacks on the energy efficiency of the smart grid has 
not been studied before, and this paper is the first attempt to 
explicitly characterize such impact. 

Our main contribution can be summarized as follows. 

• We propose optimal offline strategies for both the op¬ 
erator and the unlimited attacker. The former gives the 
minimum energy cost when there is no attack, and 
the latter gives the maximum energy cost that can be 
enforced. The gap between the two indicates the maxi¬ 
mum damage that can result from such attacks. We also 
provide efficient online strategies for both of them. These 
strategies are more practical in terms of operability and 
also indicate several bounds on the possible damage due 
to an unlimited attack. 

• For more limited attacks, we provide a simple greedy 
offline algorithm to arrive at a lower bound, and a 
dynamic programming-based algorithm that computes an 
upper bound on the total cost achieved by such attacks. 
Moreover, efficient online attacks are provided. 

• From our analysis and numerical results, we conclude 
that in the absence of security threats an increase in 
the delay tolerance of the energy demands increases the 
energy efficiency of the system, as expected, since the 


operator is offered more scheduling opportunities. On the 
other hand, a somewhat surprising observation is that, 
with a limited defense mechanism at the operator, this 
increase offers a similar opportunity to the attacker to 
force costs even higher than those incurred by the reg¬ 
ular grid, transposing the purpose of the communication 
capabilities provided to the consumers. 

The proposed framework enjoys several merits. Our analysis 
throughout the sequel does not assume any specific struc¬ 
ture/distribution on the consumer demands and hence the 
derived results encompass a wide range of realistic scenarios. 
The attack bounds provided here are based on worst-case 
analyses and so provide strong guarantees on the impacts 
of different attacks. The main limitation of this work is the 
rather weak detection/defense mechanism at the operator. Our 
purpose here is to explore the attacker’s side and arrive at 
performance bounds that motivate stronger defenses at the 
operator/consumers. 

The remainder of this paper is organized as follows. After 
a brief overview of related work in Section [I^ we present our 
system model and the optimization problems at the operator 
and attacker sides in Section uni In Sections |lV] and |V] we 
provide offline and online attacks for the total-energy model 
and the constant-power model, respectively. Numerical results 
are given in Section |VI| We provide some suggestions to the 
operator in Section |VII| whereas our conclusions are given 
in Section |VIII| Discussion of the model, extensions of our 
solutions to time-dependent cost functions, and details of some 
of the algorithms are provided in the Appendix. 

II. Related Work 

Cybersecurity is of critical importance to the secure and 
reliable operation of the smart grid, which is challenging to 
achieve due to the large scale and the decentralized nature of 
the grid, the heterogeneous requirements of the components, 
and the coupling of the cyber and physical systems. Various 
types of cyber attacks targeting the availability, integrity, and 
conhdentiality of the smart grid have been studied, and both 
prevention and detection techniques have been proposed II3, 
0 . 

Data integrality attack is considered as an important threat 
to the smart grid ifTSll . In particular, false data injection towards 
the SCADA systems has received a lot of attention recently Q, 
0. By injecting malicious data into a small set of controlled 
meters, this attack can bias the state estimation of the system 
while bypassing the bad data detection in the current SCADA 
systems. Since the seminal work of a, much effort has been 
devoted to the problem of hnding the minimum number of 
meters to be controlled to ensure undetectability 0, 0. 
Although this sparsest unobservable data attack problem is 
NP-hard in general, a polynomial time solution is given in m 
for the case when the network is fully measured. Moreover, 
strategic defense techniques have been developed 0 , ca 
and the impact of data injection attack on real-time electricity 
market has been considered Q, CD. When the attacker does 
not have enough number of controlled meters, a generalized 
likelihood ratio test is proposed to detect attacks 0. In addi- 
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tion to data attacks, the sparsest unobservable attack problem 
has been studied in closely related power injection attacks El. 

In the context of AMI, various potential threats have been 
identified El, Qa, El, including integrity attacks for the 
purposes such as energy theft and remote disconnection. Dif¬ 
ferent intrusion detection systems (IDS) have been considered, 
including specification based El, El and anomaly based 
approaches lfT9l . In particular, a set of data stream mining 
algorithms are evaluated and their feasibility for the different 
components in AMI is discussed in lfT9l . The information 
requirements for detecting various types of attacks in AMI are 
discussed in Although data integrity attacks are considered 
as a potential threat in AMI El, its impact on the energy 
efficiency of the system has not been considered before, and 
proper intrusion detection schemes for the new type of attack 
that we consider remain open. 

III. Problem Formulation 
A. Demand Model 

In this paper, we adopt the control and optimization frame¬ 
work first proposed in El for the demand side of the smart 
grid. This framework assumes a central operator and n energy 
consumers that send their energy service demands to the 
operator using perfect channels. Our model builds on this 
framework, adding to it a single active attacker. The attacker 
is capable of intercepting and altering the demand requests in 
order to maximize the total energy cost paid by the smart grid. 
We assume a time-slotted system and a finite time horizon 
[0,T], and consider two types of demands; 

1) Total-Energy requirements; each consumer has a total 
energy requirement that needs to be served before some 
deadline elapses. This, for instance, captures the scenario 
of having consumers with energy storage capabilities. 
Here, the energy demand of the consumer, 1<J< 
n, is composed of the tuple {aj,dj,ej), where aj,dj G 
N+, dj > Uj, Cj G K+, indicating that demand j arrives 
at the beginning of time-slot Uj, and has to be served 
for a total amount of Cj, by the end of time-slot dj. 

2) Constant-Power requirements; each consumer has an 
instantaneous power requirement and specifies a service 
time duration to hnish a given job before a deadline 
elapses as well. The energy demand of the consumer, 
1 < J < II, is composed of the tuple {aj,dj,Sj,pj), 
where aj and dj are defined as in the above, Sj G N'*' is 
the job’s duration time and pj G M"*" is the instantaneous 
power requirement for this job. We note that in contrast 
to the total-energy model, the instantaneous power re¬ 
quirement Pj cannot be changed by either the operator 
or the attacker. 

In both cases, we assume that the set of jobs can 
be scheduled preemptively, i.e., a job can be interrupted 
and resumed, so long as the deadline and energy/power 
requirements are met. Let J = n}, and the 

associated demands in the total-energy (constant-power) 
model in J" = {(ai, di, Ci),..., (o„, e„)} (J = 

*We use demand and job interchangeably in the paper. 


{(ai,di,Si,pi),... ,(an,dn,Sn,Pn)})- The set of demands 
are sorted by their arrival times non-decreasingly. Each energy 
demand in J' is sent to the operator over a perfect channel 
that is fully intercepted by the attacker. Hence the attacker 
could substitute the actual demand set ^7 by a forged one, 
J', before it is received by the operator. An example for 
the total-energy case is shown in Eigure [T] Similar to J, 
the forged set is J' = d'^, e'^),..., d'^, e'^)} for 

the total-energy model and, for the constant-power model, 
is J' = {{a'^,d'^,s\,p\),...,[a'^,d'^,s'^,p'^)}. Let J’ = 
{1,... ,m} denote the indices of forged jobs. We note that 
m > n in general as will be explained later in this section. For 
ease of notation, we define the vector a = [ai,... ,an], and 
dehne d,e,s,p similarly for the original vectors, and dehne 
a',d',e'T s',p' for the corresponding forged vectors. For any 
job j, we define its job allowance to be Ij = dj — Uj -f 1. Let 
Imax = maxjgjZj-, Imin = min^gj^j. We similarly define 

^max , ^min , ^rriax i ^min , Pmax , Pmin • 

B. Simple Intrusion Detection 

We put the following constraints on the attacker. Eirst, when 
the attacker chooses a job to modify, he is limited to changing 
its arrival time or its deadline time, or, breaking the job into 
multiple separate jobs (that would appear to the scheduler as 
independent jobs), so long as the hnal schedule is admissible. 
That is, all of the original jobs are served exactly their energy 
requirement (or service time and power requirement) upon or 
after their arrival and before or upon their real deadlines. Note 
that the attacker could easily be detected by the consumers if 
the final schedule is not admissible. 

Moreover, we assume that the operator adopts a simple sta¬ 
tistical testing based intrusion detection scheme. Eor example, 
consider a statistical testing on the slackness of jobs. The 
slackness of a job j, denoted as Xj, is defined as the maximum 
time elasticity when serving the job. Formally, Xj = U — 1 
for the total-energy model, and Xj = Ij — Sj for the constant- 
power model. Assume that the slackness of demands are i.i.d. 
samples of a known distribution with mean p and variance 
For a set of n demands received, the operator determines if 
it has been modihed by using, for example, the one sample 
z-test with statistic z = with a signihcance level a, 

the probability threshold below which the operator decides the 
data has been modihed. 

Assume that the attacker knows (1) the distribution of 
demands, and (2) the statistical testing and a adopted by 
the operator. If the attacker also knows J^j for rh® ^^t 
of demands in J, it can hnd the maximum amount of job 
slackness that can be reduced for demands in J, while still 
passing the z-test on slackness. When this knowledge is not 
available as in the more realistic online setting (to be precisely 
dehned below), the attacker cannot ensure undetectablility. 
However, it can choose to modify a small number of jobs 
to ensure a small probability of detection, which is still useful 
to the attacker. We can similarly consider a statistical testing 
on the arrive times or other parameters of demands. Instead 
of working on a constraint that depends on the concrete 
statistical testing used, we consider a simple constraint on the 
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fractional of energy demands that the attacker is capable of 
altering, which can be derived from the statistical testing used. 
In addition to simplifying the optimization problems for the 
attacker, such a bound can also be interpreted as a resource 
constraint to the attacker. We will consider other types of 
constraints in our future work. Let B = [/3nJ ,f3 G [0,1] 
denote the number of jobs that the attacker can modify. 

We note that an accurate statistical modeling of electric 
demands with time elasticity is by itself a challenging problem 
especially when the demands are correlated, which provides 
further opportunity to the attacker. Although the operator can 
also consider more advanced intrusion detection schemes such 
as data mining based anomaly detection, the high dimension 
of the data stream (large number of demands with overlapping 
durations) is a big challenge to be addressed. 


C. Optimization at the Operator and the Attacker 

Upon receiving the m (altered) demands, J', an admissible 
schedule of these demands (jobs) is to be determined by the 
operator. A schedule is given by 5 = [S]jt G x 

where Sjt denotes the amount of energy allocated to job j in 
time-slot t. Let Eg{t) be the total energy consumed at time- 
slot t G [0,T] under schedule S, i.e., Es{t) = 

Let Ct{Es(t)) denote the cost incurred by the total power 
consumed at the time-slot t. We assume C* : K+ —>■ M+ to be 
a general non-decreasing and convex function, as in nH . The 
convexity assumption resembles the fact that, as the demand 
increases, the differential cost at the operator increases, i.e., 
serving each additional unit of energy to increasing demand 
becomes more expensive 112. In our analysis and evaluation, 
we will consider the following commonly adopted power 
function as an example, where Ct{E) = E^,b G > 1, 
which allows for estimating the performance for a wide range 
of monotone increasing and convex functions. Moreover, for 
simplicity of exposition, we assume Ct{-) to be time invariant 
in the following and omit the subscript t. We show that most 
of our algorithms and analytic results can be extended to time- 
dependent cost functions in Appendix . 

The operator attempts to balance the load by finding an 
admissible schedule (given the altered demands by the at¬ 
tacker) that minimizes the total cost over the interval [0,T]. 
The optimization problem at the operator side, for the total- 
energy model, is then defined as follows: 

T 

Cjnin{a', d', e') = min'^ C(Es(t)) (PminE) 

t=i 

s.t. Sjt ^ 0, Vj G G 

E = G e J'. 

t—a'- 
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where we have dropped the constraint that no energy is served 
to a job j outside [aj,dj] since C(-) is monotone increasing. 


Similarly, the problem for the constant-power model is 


Crmn{a',d',s',pj = C{Es{t)) 


(PminS) 




s.t. Sjt G {0,p'}, Vj G j',yt G [0,T], 
d-'o 

E = Sj, yj G J. 


t-a'- 


where = 1 if Sjt = Pj, and is 0 otherwise. The 

constraints in the both problems ensure the admissibility of 
the considered schedules. 

On the other hand, the attacker attempts to find appropriate 
values of a',d',e' (or a',d',s',p') in J' such that the cost 
achieved by the operator is maximized, subject to the number 
of demands that can be modified. Let bj be the collection of 
the (sub)jobs that the attacker generates out of job j, 1< j< 
n. Each (sub)job is, again, a tuple of the form {a',d',e') or 
(o', d', s',p'). To guarantee an admissible final schedule, each 
set bj should satisfy the following conditions: 

In the total-energy model, for each job j: 

For 1 < k < \bj\ 

4,d'fcGN+,e;>0, (la) 

Oj < a'k S d'f. < dj, (lb) 

E 4=ej- (Ic) 

i<fc<ILI 

In the constant-power model, for each job j: 

For 1 < k < \bj\ 

d'kj ^'k V N“'', (2a) 

aj < Ofc < dfe < dj,p'^. = Pj, (2b) 

E (2c) 

i<fc<ILI 

[a'k,d'k]n[a'i,d'i] = id, yk,l,k ^ 1,1 < k,l < \bj\. (2d) 


The sets bj are then collected in the forged demand vector, 
i.e., J ': = Ui<j<n ^j- Under this setting, the attacker solves 
the following optimization problems. For the total-energy 
model: 


Emaxmini^a, d, C, /j) — mUX Cmiriia , d , 6 ) 
a' ,J* 


s.t. Eqs ( [Tal l ■ ( fT^ , 

\r\<l3n, 

where /3 G M, 0 < /? < 1, and 


(PmaxminE) 


J — {j G J'■ bj ^ {{t>'jTdj,ej)}} . (3) 


Here J* denotes the set of consumer job indices that were 
modified by the attacker. In a similar fashion, we define the 
attacker’s optimization problem for the constant-power model: 


Emaxmin (tt, d, S,p, /?) — mUX Crnin i d , S ,p') 
a' ,d' ,s' ,p' 


s.t. Eqs ( |2a| i - (2di, 

|J*| </3n, 


(PmaxminS) 
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where G M, 0 < ^ < 1, and 

J* = {j e J: bj ^ {{aj,dj,Sj,Pj)}} . (4) 

We provide efficient offline and online solutions to the 
problems formulated above. Offline solutions not only give 
us performance bounds on the extreme case when there is 
no uncertainty on energy demands, but also provide useful 
insights for the design of online solutions. On the other hand, 
in the more realistic online setting, a demand is revealed only 
on its actual arrival. 

• Offline setting: In the offline setting, we assume that the 
attacker knows all the true demands J at time 0, while 
the operator knows all the forged demands J' at time 0, 
and obtains no further information during [0,T]. 

• Online setting: In the online setting, at any time t, the 
attacker only knows the set of true demands with a, < 
t, while the operator only knows the set of unmodified 
demands with aj < t, and the set of forged demands 
with a'j < t. In addition, the number of demands n is the 
common knowledge. 

Note that in the online setting, if a' = aj, demand j should 
be forwarded to the operator without delay. On the other hand, 
if o' > a,, the attacker should hold demand j until o' so that 
the operator does not get extra information. 

For comparison purposes, we also consider the following 
inelastic scheduling policy for the operator as a baseline 
strategy. In the total-energy model, this strategy serves each 
job its energy demand, entirely and immediately upon its 
arrival. The associated baseline cost, C'f,ase(a, d, e), can be 
found as: 

Cbase{a,d,e) = X! X! 

iG[0.T] \j&J:aj=t J 

The counterpart quantity in the constant-power model is: 

Cbase{a,d,S,p) = X! X! Pjj- (6) 

iGfOjX'] \ j ^ J'.t^[cLj ^dj-\-Sj —l] ) 

This strategy represents the case when the delay tolerance 
of the jobs is not exploited. Therefore, we treat this quantity 
as the cost paid in the current regular gird, where no two-way 
communication channels are established, and accordingly, the 
system is not vulnerable to the cyber-attacks discussed in this 
paper. 

As a first attempt towards understanding the impact of 
stealthy attacks on smart-grid demand-response, we have made 
several simplifications in this work. In Appendix we 
provide a discussion on the rationale behind our model and 
outline several extensions including how to conduct the impact 
analysis under congested power systems. 


IV. TOTAL-ENERGY Demands: Scheduling and 
Attack Strategies 

In this section, we focus on the total-energy demand model. 
We first find the optimal scheduling strategy for the operator 
in Sect ion |IV-A| We next propose full attack strategies in 
Section IV-B including both offline and online attacks. Finally, 


in Section IV-C we propose limited attacks and study the 
impact of such attacks. We note that the offline attacks we 
discuss below have a time complexity of 0{n3). On the other 
hand, all the online attacks have a time complexity of 0{n) 
and are therefore more scalable to large systems. 


A. Scheduling at the Operator 

The optimization problem at the operator ( |PminE| l can be 
directly mapped to the “minimum-energy CPU scheduling 
problem” studied in EOl . Our discussion below is an adapted 
discrete-time version of the classical YDS algorithm ll20l . 

For every pair (fc, 1), k < I, let Xj{k, 1) be the set of all job 
indices whose intervals are entirely contained in [k,l], that is, 
Ij{k, Z) = {j S J: Oj > k, dj < 1}. For the received (forged) 
demands J', define the energy intensity on Ij'{k, 1) to be 

= (7) 

Note that if we only consider the set of jobs in Iji{k,l), 
a schedule that serves g{Xji{k,l)) amount of electricity in 
each time slot in the interval [k, 1] minimizes the energy 
cost (assuming it is admissible). We further define {k*,l*) = 
argmax(j, Z)), that is, Xji{k*,l*) is the set of 

jobs with the maximum energy intensity among all Xj>{k,l) 
for any k, I with k < 1. 

It is shown in ll20l that, for strictly convex C'(-), the optimal 
strategy schedules a total energy of g{X{k*,1*)) in each 
time slot in [fc*,Z*]. That is, the interval with the maximum 
energy intensity must maintain this intensity in the optimal 
schedule. This also implies that no jobs out of X{k*,l*) are 
scheduled with those in X{k*,l*). Hence a greedy algorithm 
that searches for X{k*, I*), schedules the jobs in X{k*, I*) and 
then removes those jobs (and the corresponding interval) from 
the problem instance, can be used to solve Problem dPminEl l. 
The corresponding algorithm is outlined below (see 1201 for 
the details). 


Algorithm 1 Offline Scheduling at the Operator 
I: while J' / 0 do 

2: Xji{k*,r) t— an interval with the highest energy intensity; 

3: Schedule the jobs in Tji{k*,1*) according to the Ear¬ 
liest Deadline First (EDF) policy, such that Es (t) = 

for all t G [k*,l*]- 

4: Delete the jobs in Xji (k *, Z*) from J' and modify the problem 

to reflect the deletion of jobs. 


The above algorithm arrives at the optimal schedule with 
complexity 0{n^) since it suffices to consider intervals whose 
two endpoints are either arrival times or deadlines of some 
jobs. Let Cmin denote the optimal minimum cost achieved 
(when there is no attack). A simple online algorithm for 
Problem ( |PminE[ i was also given in (the Average Rate 
Heuristic, AVR). This online scheme distributes the energy 
requirement of each job evenly on its service interval, ignoring 
further information on how the jobs intersect. The performance 
of this simple heuristic is studied in ll20l when the cost map¬ 
ping is a power function, and the following bounds are proven: 
For C[E) = E^,b G K, 6 > 2, this online heuristic achieves 
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a total cost Cmin < TbCmin, whcrc < rb < Since 

each demand is processed once, this algorithm has an 0{n) 
complexity. 


B. Full Attack Strategies and Performance Bounds 

We now turn our attention to the attacker’s selection of J'. 
We note that the special case (/3 = 1) is of special interest to 
us, as it resembles a /m/1 attack, i.e., the attacker is capable of 
modifying all of the consumer demands (e.g., when there is 
no intrusion detection at the operator). We first address this 
case. The more general attacks for /3 < 1 will be considered 
in Section HV-CI 

1) An Optimal Offline Full Attack: We first show that, in the 
case (3 = 1, the Problem ( jPmaxminEl l can be transformed into 
a maximization problem. To see this, consider any undetectable 
strategy followed by the attacker such that, for each demand 
{uj, dj,ej) G J, there exists exactly one corresponding forged 
demand, (apdb.e'j) G J', with o' = d' = tj for some tj G 
\aj,dj\, and e' = Cj. All such strategies are always feasible 
to the attacker by our assumption of /3 = 1 and, if employed 
by the attacker, leave no degrees of freedom to the operator. 
Moreover, due to the monotonicity and convexity of C(-), it 
suffices for the attacker to consider only this set of strategies 
as shown in the following lemma. 

Lemma 1: When /? = 1, there is an optimal attack where 
for any job j, a' = d' = tj for some tj G [aj,dj\. 

Proof: Consider an optimal solution for the attacker. 
Suppose a job j is served at both time ti and t2- Let Ei and E2 
denote the total energy consumption at ti and t 2 , respectively. 
Without loss of generality, assume C[^{Ei) > C^^{E 2 ). Then 
the total amount of j served at t2, denoted as 5 , can be 
moved from t 2 to fi such that Ct^ {Ei + d) + {E 2 — S) > 

Cti{Ei) + (7(2(£’ 2 ) by the convexity and monotonicity of 
(7(^ and Ct^. The lemma then follows by applying the above 
argument iteratively. ■ 

Based on this observation. Problem ( |PmaxminEl l under /3 = 1 
reduces to a maximization problem, which, for a given job 
instance, looks for an optimal strategy that serves each job in 
a single feasible time slot. Formally, the attacker solves the 
following problem; ^ 

drnax^^t df ef — HlUX (7(£,5 (/)) 

(Pmax) 

s.t. 5j( = 0, yjGJ,ytG[0,T],tftj, 

Sjt- = e.j,tj G [aj,dj], Vj G J. 

Hence, in the above formulation, the attacker needs to 
decide only on tj for each j G J. Given a set of jobs J, define 
a clique of J as a subset of jobs in J whose job intervals 
intersect with each other, and a clique partition of J as a 
partitioning of set J into disjoint subsets where each subset 
forms a clique of J. We then have the following observation. 

Lemma 2: Each clique partition of J corresponds to a 
feasible solution to Problem ( |Pmax| i and vice versa. 

Proof: Consider any clique partition of J. For each clique 
in the partitioning, the set of jobs in the clique overlap with 
each other, and can be compressed to the same time slot 
(any time slot where all these job intervals intersect). We 


then obtain a feasible solution to ( Pmax[ ). On the other hand, 
consider a feasible solution to ( |Pmax| i. We can assume that 
each job is served in a single time slot by Lemma [T] For any 
time-slot t with at least one job served, let Kt denote the set 
of jobs that are served at t. Then Kt is a clique for any t, and 
the set of these cliques form a clique partition of J. ■ 

Moreover, we observe that to find the optimal attack, it 
is sufficient to consider locally maximal cliques defined as 
follows. For any time slot / let K* denote the set of jobs whose 
job interval contains t. A clique is called locally maximal if 
it equals AT* for some t. The following result is key to derive 
the optimal attack: 

Lemma 3: There is an optimal clique partition solving 
( |Pmax| i that contains a locally maximal clique 

Proof: Consider an optimal clique partition, Ki, 
that solves ( |Pmax| i. Assume has the maximum cost among 
these cliques. If Ki is not locally maximal, then for any time- 
slot t where jobs in Ki intersect, there is a job j included in 
another clique, say £(/, whose interval contains t. By moving 
j from Kii to Ki, we get a new partitioning whose total 
cost can only increase by the convexity and monotonicity of 
(7( ). Hence, Ki can be made locally maximal without loss of 
optimality. ■ 

Let C{k, 1) be the maximum feasible cost that could be 
achieved by solely scheduling the jobs in /). Given any 
time-slot z contained in [k, /], let K^ ; be the locally maximal 
clique at z for jobs restricted to Xj{k,l). We then have the 
following recursion. 

Theorem 1: 


C{k,l) 


max 
zG [fc,Z] 


c 


^ e, j +C{k,z 

) 


1)+G(z + 1,/) . 

( 8 ) 


Proof: Consider the set of jobs in Xj{k,l)). Lemma 
implies that C{k, 1) is achieved by a partitioning that contains 
a locally maximal clique for jobs mXj{k, /)). Each such clique 
separates the optimization problem into two subproblems for 
smaller intervals. By searching over all the locally maximal 
cliques over the interval [k,l], C{k,l) can be achieved. ■ 
Accordingly, we can apply the dynamic programming al¬ 
gorithm in EH to our problem as in Algorithm (a formal 
description appears in Appendix [Cll. The optimal cost is then 
(7(1, T), which is computed in the final step together with the 
optimal clique partition. From the obtained clique partition, 
one can easily compute a set of time slots, tj,j G J and 
set a'j = d'j = tj, solving Problem ( |Pmax| i. The obtained 
schedule leaves no degrees of freedom to the operator as, after 
the attacker’s modifications, all jobs become virtually urgent to 
operator and must be scheduled immediately upon their arrival. 
It is also clear that, as the job allowance of jobs increases, 
the attacker is capable of forming larger cliques and hence 
imposing higher costs on the operator. When we study online 
attacks, one of our goals is to formalize this observation. 


similar fact is proved in ED, where the authors consider clique 
partitioning so as to minimize a submodular cost function on the cliques, and 
shows the existence of a (globally) maximal clique in the optimal partition. 
We introduce the notion of locally maximal clique so that our results can be 
extended to time-dependent cost functions as we discuss in Appendix [B] 
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Algorithm 2 Offline Full Attack 

1: Iterate over all intervals [k,l],k < l,k,l € [0, T], with increasing 
interval length. 

2: In each iteration, compute C{k,l) using Eq. l[^, where the last 
two terms are obtained from previous iterations. 


The algorithm has 0{n?) iterations since it suffices to 
consider intervals whose two endpoints are either arrival times 
or deadlines of some jobs, where in each iteration, it takes 
0{n) time to find C{k, 1). Therefore, the algorithm has a total 
complexity of 0{n^). 

2) Online Full Attacks: In this section, we investigate the 
case where the attacker processes the arriving jobs in an online 
fashion, where at any time-slot t, the attacker possesses knowl¬ 
edge about the demands that have arrived by t. We propose a 
simple online attack where the jobs in J are partitioned into 
cliques according to an EDF policy. The attacker maintains a 
set of active jobs, that is, the set of demands that have arrived 
but not scheduled yet. Let A denote the set of active jobs. In 
any time-slot t, if t is the deadline for a demand j G A, then 
all the active demands in A are grouped in a single clique, by 
setting their arrival times and deadlines to t. These demands 
are then forwarded to the operator, and A is set to the empty 
set. Note that the algorithm ensures that the operator only 
learns a demand j at o'. The intuition of using an EDF policy 
is to delay the decision as far as possible so that more demands 
can be compressed together to generate a large clique. 


Algorithm 3 Online Full Attack 
A t— 0. In any time-slot t, 

1 : A t— A U : aj = f}; 

2: if dj = t for some job j G A then 
3: For each job k in A, aj, t— f, dj t— t\ 

4: Forward the set of (forged) jobs in A to the operator; 

5: A t- 0 


Since each job is processed once, the algorithm has a 
complexity of 0{n). We denote the resulting cliques by 
Ki,..., Km- The resulting cost is computed as 


Cma.=J2^[ E 

i=l ^jeKi 


(9) 


Our next result shows that, despite its simplicity and online 
operation. Algorithm could achieve a significant loss in the 
system’s efficiency. We first make the following observation. 

Lemma 4: Consider any clique X in an optimal (offline) 
solution that achieves Cmax- Then X = Ki), where 

X F Ki and X H Kj are disjoint for i ^ j, and X D Ki is 
non-empty for at most ri different Ki, where ri = -Fl. 

^riiin 

Proof: Let Ki ,..., Km denote the sequence of cliques 
constructed by AlgorithmSince Ki and Kj contain disjoint 
set of jobs, and the union of all Ki is the entire set of jobs, we 
have X = [J_^{XnKi), where XFKi and XfiKj are disjoint 
for i j- Moreover, Algorithm ensures a property that for 
all i' > i, all the jobs in Kii have arrived strictly later than 
the earliest deadline of the jobs in Ki. Let ti and t 2 denote 
the earliest arrival and earliest dealine, respectively, among the 


set of jobs in X. Then since all the jobs in X intersect at t 2 , 
t 2 — ti < Imax- The above property then ensures that X could 
have a nonempty intersection with at most ri = + 1 

sets in the partitioning {Ki}, i G m}. ■ 

This observation leads to the following bound for the online 
attack. 

Theorem 2: For C{E) = E^, b GM.,b > 1, 


O > 

^max — 


fl 


6-1 


Cmax, where ri = 




( 10 ) 


Proof: For a given problem instance, J, a, d, e, let the 
optimal partition of the jobs in J be ATi, X 2 ,..., Xm*, such 


that 


Cmaxi,^, d, c) 


E 



(11) 


Let Ki,..., Km denote the sequence of cliques constructed 
by the algorithm. For any 2 ; G {1,... ,m*}, let N{z,i) = 
Xz n Ki- From Lemma we have 


Cmaxi,^, d, e) — 


(a) 

< 


< 


771 / 771 


E E E 

z=l \i=l \jGN(z,i) 
771* m / 

EE^E E 

Z^l \j£N{z,i 

771 771 * / 

^EEE E 

1=1 2=1 

r'r^Cmaxia,d,e), 


( 12 ) 


where (a) is obtained by the power mean inequality. ■ 

When C(.) is a power function of the form C{E) = E^, b G 
K, 6 > 1, the simple structure of the online solution further 
delivers an explicit lower bound for the maximum achievable 
cost by the attacker: 

Theorem 3: For C{E) = E^,b G^,b > 1, 


Cmaxi,^, d, e) ^ 


^min 




(13) 


Proof: Suppose the attacker follows Algorithm Let 
Ki ,..., Km denote the set of cliques constructed by the 
algorithm. From Eq. 0 and the power mean inequality, we 
have 


Cr, 


> Cmax > 




(14) 


Consider any two consecutive cliques Ki and iCi+i. Let j 
denote a job with the earliest deadline in Ki- Then from the 
construction of the algorithm, we have Ofc — aj > Imin for any 
job k G Kij^i- Moreover, oi must appear in Ki and a„ must 
appear in Km- It follows that m < 2. This bound, 

together with ( pA] ), completes the proof. ■ 

The above result formalizes our intuition that the harm done 
by a cyber attack grows with the scheduling leverage given to 
the grid’s operator. When all other parameters are fixed, we 
use this result to specifically estimate the growth of Cmax 
with Imin- For instance, in Figure]^ we plot our bound versus 
an increasing Imin, fixing the average energy demand and the 






















Fig. 2; A lower bound on Cmax plotted for various values of n and 
Imin under a quadratic cost function (i.e., b — 2). The average energy 
demand is 10 while the average inter-arrival time is 5. 


average inter-arrival time. In this instance, Cmax grows at least 
linearly with Imin, and the rate of growth increases as the 
sample size n increases. More numerical results are reported 
in Section iys 

Finally, we use the heuristic AVR, presented previously in 
Section [rV-A[ to arrive at an upper bound on the gap between a 
fully-compromised operator (a operator subject to a/wll attack) 
and a non-compromised one: 

Theorem 4: For C{E) = E^, b G M.,b > 2, 

Cmaxia,d,e) <2’’~^{lmax + ^fb^Cminia,d,e). (15) 


Proof: For a given problem instance, J, a, d, e, let the 
optimal partition of the jobs in J be Xi, X 2 ,..., Xm* such 


that 


m* 

Cmaxi,^, d, e) — ^ ^ 

z=l 



(16) 


and assume that those cliques are scheduled in time slots 
; ■ ■ • ; tm* ■ 

We now consider applying the AVR heuristic to the same 
problem instance and let the obtained cost by this algorithm be 
denoted by Cavr{o-, d, e). We note that it achieves a fraction 
of Cmax{a-,d,e) as given by the following: 


CAVR{a,d,e) = ^ 

ie[o,T] \jeJ / 


(17) 


Z =1 \jeK, 


= E E 


V l-i + 1 

z=l \jGK^ J / 


> 


( , _1_ 1 ) P^rnax{,R, d, e). 

\ ^max t / 


In addition, we have Cavr{cl ,d,e) < 

2^~^b^Cmin{a,d,e) ll^ and that establishes our result. 


C. Limited Attacks and Performance Bounds 

We now focus on the case when the attacker is limited by 
the number of jobs he is capable of modifying without being 
detected, i.e., the attacker can alter only B = [/3nJ jobs, where 
0 < /3 < 1. We again divide our study in two cases, the offline 
setting and the online setting. In both cases, we derive bounds 
with respect to the corresponding full attacks. Therefore, these 
bounds are independent of the online scheduling algorithms 
used by the operator. 

1) Offline Limited Attacks: For limited attacks, we are 
not able to And an optimal offline solution as we do for 
full attacks. To understand the impact of stealthy attacks in 
this more general setting, we propose two polynomial time 
offline algorithms that render a lower and an upper bound, 
respectively, on the performance of optimal limited attacks, 
and evaluate their performance in simulations. We show that 
even in the more challenging limited attack regime where 
the attacker may not be able to And the optimal attack, it 
is still possible to enforce significant amount of damage using 
a simple attack strategy. 

Similar to our argument in the full attack case, the attacker 
could only consider the following simple strategy: Choose a 
set of job indices J* C J such that | J*| = jdn, and set o' = 
d' = t* for all the jobs j G J*. Leave all the remaining jobs 
(J\J*) unaltered. We adopt this approach in our proposed 
offline attacks in this section. We let Cmax = Cmax{R,d,e) 
and Cmaxminild) = Cmaxniin{a, d, €, f3), whenever clear from 
the context. 

A Lower Bound. We first propose a simple variant that 
is tailored to our problem (see Algorithm |^. For any /3, the 
algorithm finds a feasible limited attack, the cost of which 
provides a lower bound on the cost resulting from the optimal 
limited attack. We further establish an explicit performance 
bound for this algorithm in Theorem]^ 

Our algorithm is inspired by the standard greedy algorithm 
for the fractional knapsack problem ll22l . In the classical 
fractional knapsack problem, m items are given, each with 
a weight Wi and a value Vi. We need to find a set of items 

such that their total value is maximized subject to a budget on 

their total weight, say, < Po ^ 1- A fraction of 

any item might be collected, and the corresponding value is 
scaled according to its chosen weight. The greedy algorithm 
below solves this problem. 

1) Sort {vi,Wi) according to Vi/wi non-increasingly. 

2) Choose the first k pairs, (ui, wi),..., (vk,Wk) such that 

k m k-\-l m 

and ^ tRi ^ /^o ^ ^ Rtj • (18) 

i—1 i—1 i—1 i—1 

The optimal choice is given by the k items collected in 
step (2), and a fraction of the {k + 1)*^ item as the weight 
budget allows. Moreover, if we let the remaining weight 
budget after selecting the first k pairs be parameterized by /3i 
= \Po Eili /wk+i, by the greedy selection, 

we must have 

k m 

^ Ui + PlVk+l > Vi. 

i=l i=l 


This bound shows that, for a given power cost function, the 
harm due to a cyber attack is also limited by the maximum 
scheduling flexibility given by the served jobs. 


( 19 ) 

















9 


Algorithm 4 Offline Limited Attack 

1 : Find the optimal clique partitioning using Algorithm]^ assuming 
a full budget; 

2: Sort the set of cliques found by the ratio of clique cost over 
clique size non-increasingly; 

3: Greedily choose a set of cliques with total size bounded by fin; 
Let K denote the first unchosen clique on the list; 

4: Greedily choose min(/3n, lifl) jobs of highest energy require¬ 
ments in K to compress; 

5: Among the above two choices, the one that results in a higher 
cost is adopted. 


The proposed attack strategy builds on the aforementioned 
algorithm; 

Since finding the optimal clique partitioning is the most 
time-consuming step, the algorithm has a complexity of 
O(n^). Let denote the total cost enforced by 

this attack. It is clear that C'^aa:mm(/3) < CmaxminiP)- To 
get insights on the performance of this attack, we consider 
two special cases. Suppose that, under no budget constraints, 
the optimal clique partition (obtained from Algorithm is 
composed of cliques of size one, i.e., each job forms a separate 
clique. In this case, our greedy attack will choose to fully 
compress B = fin jobs, and those will be of the highest 
energy demands according to step (3) above. By the greedy 
selection, this clearly guarantees that C^axminiP) ^ PCmax- 
Another extreme case is when the optimal clique partition is 
composed of one single clique containing all of the n jobs. In 
this case, it is again clear by the greedy selection, in step 
(4), that C^ax^iniP) > C'^ 
power function of the form C{E) = E^, b G R,b > 1, we 
get C^axrmniP) > I^^Cmax- For cases between those two 
extremes, we make use of the aforementioned insights to arrive 
at the following lower bound . 

Theorem 5: For P G [0, l],C{E) = 6 S M, 6 > 1, 

CLxrmuW) > ^Cmax. ( 20 ) 


Proof: Assume that the first k cliques are fully com¬ 
pressed in Algorithm Let /3i = denote 

the fraction of budget available to clique Kk+i, where Ni 
denotes the size of clique Ki. Let Cq = Ci + PiE^_^_^. 
Then by the greedy selection of cliques and ( [T^ , we have 

Co> PTZlE- = PC^ax. 

On the other hand, let P 2 = /3]vf77 denote the fraction of 
budget available to compressing only the jobs in clique K^+i- 
By the greedy selection of jobs in the clique and ( [T^ , we have 

I]y=i ^3 > P 2 Ek+i- Therefore, C 2 > PIeI^^^. 

We then have 

Claaxrmu ^ max(C’i,C2) ^ C2 

C'o Cl + PiE\_^_-^ C2 + 

^ PlEl^i _ Pi 
- PlEl^i+PiEl^i Pl + Pi 


(0 Pi pl-^ 

- Pi + P 2 Pl-^ + 1 

(b) gb-l gb -1 

> —f— - > - -. 


where (a) follows from Pi < P 2 and (b) follows from p 2 ^ P- 
Hence Crnaxmin — 2 ^0 ^ 2 Cmax’ ® 


An Upper Bound. In order to compute an upper bound 
on the maximum cost that can be obtained by any feasible 
offline limited attacks, we find the optimal attack strategy 
under the assumption that the operator follows the baseline 
scheduling strategy, i.e., the operator fully serves each job 
immediately upon its arrival. That is, we solve a problem 
similar to Problem PmaxminE by replacing Cmin with Chase- 
Let denote the optimal total cost obtained by the 

attacker when the operator follows the baseline scheduling 
strategy. We first observe that indeed an upper 

bound of CmaxminiP)- 

Lemma 5: — CmaxminiP)- 

Proof: Assume S is the optimal attack strategy that 
achieves CmaxminiP), '^^at is, S is the optimal schedule 
for the attacker that solves Problem iPmaxminEl Let C' 
denote the total cost obtained when the attacker adopts S, 
while the operator adopts the baseline strategy. We then have 


a 


maxmin 


iP) <C'<C, 


maxmin 


(/ 3 ). 


In the remainder of this section, we further assume that 
at most one job arrives at any given time-slot t G [0,T]. 
Note that this is without loss of generality since we can 
consider an arbitrarily small time slot. We then show that under 
this assumption, Cm^^minifC) can be found by a dynamic 
programming algorithm similar to Algorithm]^ 

To derive the algorithm, we first observe that Lemma [T] 
and Lemma still hold for limited attacks, since the budget 
constraint is defined over the number of jobs that are altered, 
but not how they are altered. On the other hand, Lemma 
does not hold any more. Instead, we will derive a variant 
of Lemma as follows. Consider an optimal clique partition 
of J to Problem ( jPmaxminEl i when the operator follows the 
baseline scheduling strategy. Since at most one job can arrive 
at any time slot, without of loss of optimality, we can assume 
that each clique K contains exactly one job, j^, that has an 
unaltered arrival time. The remainder of the jobs would have 
arrival times altered to match that of jk- For instance, we can 
choose jK as the job with latest arrival in clique K. Hence, 
the budget used to form clique K would be exactly |Ar| — 1. 
This observation leads to the following result. 

Theorem 6: When the operator follows the baseline strat¬ 
egy, there is an optimal clique partition solving Prob¬ 
lem ( |PmaxminEl i that contains a locally maximal clique, or 
a clique that can be made locally maximal by adding jobs 
from cliques of size 1 only. 

Proof: Let Kmax denote the clique containing the maxi¬ 
mum total energy requirement in the clique partition. Assume 
that Kmax is not locally maximal. Then there exists a job j 
contained in another clique K in the partitioning such that 
Kmax U {j} is Still a clique. Suppose K contains at least 2 
jobs. We distinguish the following two cases. First, if a' 7 ^ Oj 
in the optimal schedule, then we can schedule job j at the 
time slot when all the jobs in Kmax are scheduled, while 
keeping the schedule of the rest of the jobs in K, without 
affecting the attacker’s budget. Moreover, by the convexity of 
C'(.) and the fact that Kmax has the maximum total energy 


2 
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requirement among all the cliques in the partition, the resulting 
cost must increase by this change, which contradicts the fact 
that the clique partition is optimal. Second, if a' = aj in the 
optimal schedule, then we can again schedule job j at the time 
slot when the jobs in Kmax are scheduled, and schedule the 
remaining jobs in K at the latest arrival time of those jobs. 
By the assumption that at most one job arrives at any time 
slot and the fact that \K\ > 2, this again leaves the budget 
unaffected and could only increase the total resulting cost. We 
again reach a contradiction. Hence, to achieve optimality in 
our upper-bound problem, what remains is to use jobs from 
cliques of size 1 to render Kmax maximal. ■ 

Let C{k,l,m) denote the maximum achievable cost by 
solely scheduling the jobs contained in [k, 1] with a budret m. 
Our objective is to find C{1,T, [/^nj). Using Theoremwe 
can construct a recursion that computes C{k, I, m) by parsing 
for locally maximal cliques in each time-slot z € \k,l], as we 
did for /3 = 1, but with two modifications. First, we need to 
investigate all the possibilities of using only a fractional budget 
of i out of m for each found clique. Second, we would also 
need to exhaust the possibilities of distributing the remaining 
budget TO — i on the resulting two subproblems of any chosen 
clique. Formally, for any clique K, let K{i) denote the first 
i jobs with the highest energy requirements in K. We then 
have: 


C{k, I, to) 


max 

2G [0,m] [0,771 — 2] 



C{k,z- 1, j) -f C{z j) 


( 21 ) 


Algorithm 5 Online Limited Attack 

In any time-slot t, 

1 : A <— A U {j : aj = t}; 

2: for each job j with aj = i do 
3: it N = B then 

4: break; 

5: Sample r from the uniform distribution in [0,1]; 

6 : itr<l3oiR + N<B then 

7: A'^A'U{j}- 

8 : else 

9: forward j to the operator; 

10: TV iV + t-i? - 1; 

11: it dj = t for some job j £ A then 
12: For each job k in A', aj, ^ ■£- f; 

13: Forward the set of forged jobs to the operator; 

14: A^0,A'^0 


once, this algorithm has a complexity of 0(n). Note that we 
have intentionally choose to generate the set of cliques at the 
earliest deadlines of jobs in A, not in A', so that this algorithm 
closely simulates the behavior of Algorihtm In particular, 
consider an input sequence, and any clique K' generated by 
Algorithm!^ and the corresponding clique K generated by 
Algorithm 1^ at the same time slot. Then K' C K. Moreover, 
for a set of i.i.d. demands, when n becomes large, for most 
cliques K, the corresponding K' has an expected size of f3\K\. 
Although there is no guarantee on the worst-case performance, 
we expect that the algorithm achieves an expected cost that 

b 

Cmnx for i.i.d. 


is at least a constant fraction of 
demands. 


(^ 1 =) 


By Theorem the constructed recursion indeed holds and 
a dynamic program similar to Algorithm is accordingly 
designed. This algorithm has a complexity of 0(n'*), since 
it has O(n^) iterations and in each iteration it takes Oiji?) 
time to find C{k,l,m). 

2) Online Limited Attacks: To derive an efficient online 
limited attack, we consider the following simple strategy 
that mimics the behavior of Algorithm while taking the 
budget constraint into account. As in Algorithm]^ the attacker 
maintains the set of active jobs in A. It also maintains the total 
number of jobs that have been modified in N, and the number 
of future jobs in R (recall that the attacker knows n). At any 
time t, the set of jobs that arrive at t are added to A. The main 
idea of the algorithm is to modify each job with probability 
P, or forward it to the operator directly with probability 1 — /3, 
independent of other jobs. Note that this decision has to made 
at the arrival time of a job. Let A' A denote the set of active 
jobs to be modified. If there is a job j in A with dj = t, then all 
the jobs in A are compressed to the single time slot t. These 
jobs are then forwarded to the attacker, and both A and A are 
set to the empty set. To make sure that all the budget is used 
and no more, the algorithm checks two boundary conditions. 
First, it stops sampling if all the budget has been used (lines 
3-4). Second, when i? -F TV < B, all the future jobs can be 
modified (line 6). 

Since a separate decision is made for each demand on its 
arrival, and each demand to be modified is then processed 


V. CONSTANT-POWER DEMANDS: SCHEDULING AND 

Attack Strategies 


Our previous scheduling and attack policies were derived 
solely for the total-energy demand model. In this section, 
we extend these results to demands that have service time 
and constant power requirements instead. We first provide an 
overview for the scheduling problem solutions at the operator 
in Section IV-AI We then derive new full and limited attacks 
via simple modifications over the previously derived ones 


and analyze their performance in Sections V-B and V-C 
respectively. 


A. Scheduling at the Operator 

When all of the consumers require the same amount of 
power per time slot (i.e., pj = p for all j G J), the Prob¬ 
lem ( |PminS[ l belongs to a class of “load balancing” problems 
that are studied in detail in ll23l . In this work, the author shows 
that the problem of finding the optimal schedule is equivalent 
to a network flow problem with convex cost. An optimal 
solution can be obtained by an iterative algorithm followed 
by a rounding step 1^ . For arbitrary power requirements, 
however, the integral nature of the problem renders it strongly 
NP-hard. 

Theorem 7: For the constant-power model. Problem ( |PminS| ) 
is strongly NP-hard. 
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Proof: We prove the result by a reduction from the 3- 
partition problem, which is known to be strongly NP-hard ll24l . 
Consider an instance of the 3-partition problem: we are given 
a set B of 3m elements bi G = l,...,3m, and a 

bound M G such that M/4 < bi < M/2,Vz and 
bi = mM. The problem is to decide if B can be partitioned 
into m disjoint sets Bi,...,Bm such that ^ 

for 1 < fc < m. Note that by the range of bfs, every such 
Bk must contain exactly 3 elements. Given an instance of 
the 3-partition problem, we construct the following instance 
of our problem. There are n = 3m energy demands J, with 
Oj = l,dj = m,Sj = 1 and pj = bj for all j G J. The 
total power requirement of all consumers Cf^jPj) could be 
evenly distributed among the m time slots if and only if the 
answer to the 3-pattition problem is “yes”. Clearly, such even 
distribution, if possible, corresponds to the optimal solution. 
Hence, solving Problem ( |PminS| l in this case answers the 3- 
partition problem, making Problem PminS strongly NP-hard. 


In our simulations, we report the relaxed continuous-version 
solution (as given in EtI I as a lower bound to the achieved 
cost by the optimal scheduler. In this relaxed version, instead 
of a constant power pj, job j can be served by an amount 
Pjt G [0,pj] for any time-slot t such that J2te[aj dj]Pp — 
SjPj. We note that the continuous solution thus obtained can 
be furthered rounded to a feasible integral solution to the 
original problem. The main challenge, however, is to design 
the rounding process to achieve a low approximation factor, 
which remains open. 

As for online algorithms for the operator, solutions with 
performance guarantee are unknown for preemptive demands. 
Two scheduling policies were provided for non-preemptive 
demands in II3. We choose the Controlled Release (CR) 
policy in our simulations, which is shown to be asymptotically 
optimal as average deadline duration approaches infinity ca. 
In the CR policy, an active demand is served if the instanta¬ 
neous power consumption in the current time slot is below a 
threshold or if it cannot be further delayed. Since each demand 
j is processed at most Ij times, independent of other demands, 
the algorithm has a complexity of 0(n). Note that the online 
solution is always feasible and provides an upper bound to the 
offline optimal solution that is computationally hard to find. 


B. Full Attack Strategies 

1) Optimal Offline Full Attacks: In the case of full attacks 
(/3 = 1 ), the total-energy demand model allowed the attacker 
to collapse the allowance of each job into a single time slot, 
while in this model, a job j must be served in exactly Sj 
time slots. However, we can still make use of the results 
developed earlier as follows. We break each job j into Sj 
separate sub-jobs, each having the same arrival time, deadline 
and the power requirement as those of j and each should 
be served in exactly one time slot. With an entirely forced 
schedule on the operator. Problem ( |PmaxminS] l is thus turned 
into a maximization problem as before. In essence, to find the 
cost-maximizing schedule of those new (smaller) jobs, we are 
still attempting to form a clique partition of the resulting set 


of jobs only with the additional constraint that no two subjobs 
resulting from a job j can be scheduled in the same clique. 

Let J = {(1,1),..., (1, si),..., (n, 1),..., (n, s„)} be the 
extended set of job indices, where (j, k) denotes the kth subjob 
of the original job j G J. Our clique partition is now over J. 
For any clique K, let Jk = {j G J{j, k) G K, for some k}, 
i.e., the set of jobs that originated the subjobs in K. For any 
time-slot t, we define a locally maximal clique, AT*, in this 
new setting as the set of subjobs that intersect at t, where at 
most one subjob from any job can be included. Following this 
definition, it is clear that the optimal solution indeed contains 
a locally maximal clique of subjobs, and, this also holds for 
any set of subjobs entirely contained within an interval. 

Let C{k,l, {wjljgj) denote the maximum achievable cost 
by solely scheduling rrij < Sj subjobs of job j within interval 
[k,l], which is defined to be 0 if for some j, rrij > I — k -\- 
1, or rrij > 0 and [kfl] C [oj^dj]. Our objective is to find 
C{1,T, {sj}j^j). Similar to Algorithm we can construct 
a recursion that computes C{k,l,{mj}j^j) by parsing for 
locally maximal cliques in each time-slot z G [k,l]. However, 
we observe that, unlike our previous model, a locally maximal 
clique in our extended set of jobs does not divide a problem 
instance into a unique pair of smaller problems. Instead, all 
the potential subproblem-pairs resulting from a given locally 
maximal clique should be considered. We then have: 


C{kfl,{mj}j^j) 


max 

[k^l] G [0,mj — l]Vj 


c 




C{k, z - l,{m'j}j^j) + C{z + 1, 1, {rrij - 1 - m'}jgj) 

( 22 )' 


We note that the complexity of this algorithm grows expo¬ 
nentially with the maximum clique size for a given problem 
instance, which indicates that the strategy can be computation¬ 
ally expensive for the attacker to use in practice. Due to the 
high complexity of the proposed attack, we have considered 
a relatively small scale setting in our simulations on offline 
attacks (see Figure]^. An interesting open problem is to design 
a more efficient attack strategy that is close to optimal or 
rigorously prove that such an attack is hard to find. 

2) Online Full Attacks: In the online case, we consider an 
attack similar to Algorithm]^ The attacker again maintains a 
set of active jobs in A. In any time-slot t, the attacker checks 
if there is a job j such that dj = t + Sj — 1. Note that to satisfy 
its service time requirement, such a job j cannot be further 
delayed. If this is the case, all the jobs in A are modified so 
that they will be scheduled for a consecutive number of time 
slots starting from t until their service time requirements are 
satisfied. These jobs are then forwarded to the operator, and 
A is the set to the empty set. It is important to notice that, 
similar to Algorithm if we only consider the set of jobs 
in A, then this strategy enforces the highest possible cost for 
those jobs. 

Since each demand is processed once, this algorithms has 
a complexity of 0(n). Similar to Lemma we have the 
following observation for the constant-power model. 
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Algorithm 6 Online Full Attack (constant-power model) 
A t— 0. In any time-slot t, 

1: A <— AU {j : aj = t}; 

2: if dj = t + Sj — 1 for some job j £ A then 
3: For each job k in A, aj, •<— f, dj. t— f -F Sfe — 1; 

4: Forward the set of (forged) jobs in A to the operator; 

5: A t- 0 


Lemma 6: Any clique X in an optimal (offline) solution that 
achieves Cmax is a disjoint union of X\AKi, where X\AKi is 
non-empty for at most r 2 different Ki, where r 2 = {smax — 

maXy {Ij — Sj +1) 


+ 1 ) 


-Fl 


It is then straightforward to extend the proof of Theorem 
to show that the above algorithm achieves at least a fraction 
-fLt of the optimal offline cost in the constant-power model. 


C. Limited Attacks 


1) Offline Limited Attacks: To derive an offline limited 

attack in the constant-power model, we consider an algo¬ 
rithm similar to Algorithm The optimal offline algorithm 
discussed in the previous section is hrst applied to hnd the 
optimal clique partitioning of sub-jobs when there is no budget 
constraint. Greedy algorithms are then applied twice; once to 
choose a set of cliques to fully compress, and to choose a 
set of sub-jobs within the first unchosen clique on the list, 
and the choice that results in a higher cost is adopted. In 
both cases, we require the total number of sub-jobs chosen 
to be bounded by f3n. This ensures that the total number of 
modihed jobs is also bounded by fin. Since finding the optimal 
clique partitioning may take exponential time in the worst 
case, this algorithm also has an exponential time complexity. 
Let Savg = denote the average service time 

requirement. Assume C{E) = E^,b S K, & > 1. Since there 
are sub-jobs in total and fin of them are compressed, 

following Theorem the guaranteed performance of this 

attack readily becomes C^^axminW) > 5 (sfj) ^rnax- 

2) Online Limited Attacks: We then modify Algorithm]^ to 
obtain an online limited attack as we did for the total-energy 
model. The attacker maintains the set of active jobs in A, and 
samples a fraction fi of them to be modihed, saved in A'. At 
any time t, if dj = t + Sj — 1 for some job j in A, all the 
job in A! are modihed as in Algorithm]^ The algorithm also 
checks the two boundary conditions as we explained before 
to ensure that all the budget is used and no more. Assume 
C{E) = E^,b G K, & > 1. Similar to Algorithm]^ this 
algorithm also has a complexity of 0{n). As in the total- 
energy model, although there is no worst-case guarantee, we 
expect that this simple attack obtains an expected cost that is at 

least a constant fraction of (« 2 ('’El) c max 

for i.i.d. demands and when Sj is a constant for all j. 


VI. Numerical Results 

In this section, we provide numerical results that illustrate 
the impact of stealthy attacks under various settings. In this 
section, unless stated otherwise, the job arrivals are simulated 


as a Poisson arrival process with mean 3. We use a quadratic 
cost function C{E) = E'^ in all of our simulations. 

Full Attacks; In Figure we compare the performance of 
a non-compromised smart grid, a fully-compromised smart 
grid and the “dumb” grid (where all jobs are immediately 
scheduled upon their arrival), for both the total-energy model 
and the constant-power model, for a total of 20 jobs. All 
the job slackness are i.i.d. exponential random variables, 
as well as the service time intervals. In the constant-power 
model, the job slackness mean is varied between 1 and 6, and 
the service time mean is fixed to 2. The power requirement 
per time slot, for each job, is uniformly distributed in the 
interval [1, 5]. For comparison purpose, for each job generated 
in the constant-power model, a job with the same arrival, 
slackness, and total power requirement is generated for the 
total-energy model. The plots report the average performance 
of both systems over 10 trials. For the total-energy model, 
Ojnin^ Ornin-) Ohasei OLjriax^ and C^nax coiTespond to the cost 
achieved by Algorithm [T] the AVR algorithm, the baseline 
cost (|^, Algorithm and Algorithm respectively. For the 
constant-power model, they correspond to the lower bound 
obtained from the continuous relaxation of the minimization 
problem for the operator, the cost obtained by the Controlled 
Release (CR) policy im, the baseline cost <0), the cost 
obtained by Algorithm and that by the optimal offline full 
attacks discussed in Section V-B1| respectively. 

We observe that, as the job slackness mean increases, for 
both models, further scheduling opportunities are offered to 
the legitimate operator, and hence further savings in the total 
cost are attained if the smart grid is not compromised. In 
the presence of an attacker, however, a similar flexibility 
is available to the attacker, and accordingly the severity of 
the attack increases as the job slackness mean increases. 
We also observe that the uncompromised total-energy system 
outperforms the constant-power model, in terms of total cost, 
due to the increased job scheduling flexibility in the former. 
For the same reason, attacks are more harmful for this model 
as well. In the total-energy model, when compared to the costs 
paid by the regular grid, an offline (online) attack causes an 
increase in cost by 154% (136%) with a job slackness mean 
of 1 and up to 220% (191%), while the expected cost to be 
paid for an uncompromised system should, in fact, decrease by 
values ranging in 200% —2500%. A similar comparison could 
be drawn in the constant-power model. Therefore, overall, the 
unprotected smart grid simulated here, not only does it fail to 
meet the cost savings prospected in a smart grid, it performs 
far worse than the current electric grid. 


Online Limited Attacks: We now investigate the performance 
of online limited attacks and compare them with online full 
attacks. We assume that the operator schedules the set of 
(partially) modified demands using the AVR algorithm for the 
total-energy model, and the CR algorithm for the constant- 
power model. Since online attacks have lower complexity 
than their offline counterparts, we consider a larger setting 
with 100 jobs and each simulation is repeated 100 times. We 
consider the same power requirement, service time, and inter¬ 
arrival time distributions as before. Theorem |2] and Theorem 
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(a) total-energy model (b) constant-power model 

Fig. 3: Comparison between the performance of a fully-compromised 
smart grid (offline and online attacks), the current grid, and an 
un-compromised smart grid (offline and online scheduling), under 
varying job allowance means. 


isLmaxmin 



? ? ? ? ^ 


Xi e [ 0 ,40] 




Xi e [0,10](10%), [40, 50](90%) Xi e [0,10](10%), [40, 50](90%) 
(a) total-energy model (b) constant-power model 

Fig. 4: Performance of a partially-compromised smart grid under 
online limited attacks with various values of /3. 


together indicate that a higher cost can be expected if most 
jobs have large job slackness. To confirm this, we consider two 
job slackness distributions, (1) a uniform distribution between 
[0,40], and (2) a mixture of two types of demands, where 
90% of demands have high elasticity with their slackness 
uniformly distributed in [40,50], and 10% of demands are 
more emergent with their slackness uniformly distributed in 
[0,10]. The attacks were conducted with /3 values ranging 
between 0 and 1. Figure reports our results for these attacks, 
where the values for the corresponding online full attacks and 
the baselines are also plotted for reference. We observe that 
large job slackness can indeed enforce higher cost. For both 
models, even with a low fraction of jobs to be modified, the 
attacker still causes significant harm, compared to the un¬ 
compromised system. Moreover, the attacker becomes capable 
of driving the system to perform worse than its nominal point 
(the regular grid) with /3 as low as 0.4 and 0.2 for the total- 
energy model and the constant-power model, respectively. 


Offline Limited Attack: Figure |^a) sheds more focus on 
the performance bounds of offline limited attacks in the total- 
energy model, where (7^ 


maxmin and denote the 


lower bound and the upper bound derived in Section IV-Cl 


respectively. The simulation sample is composed of 50 jobs. 
The energy requirements were uniformly distributed on [1, 20] 
while the mean job allowance was set to 40. The results 
are averaged over 5 trials. As shown, with the increased 
allowance mean, the obtained clique partitions become denser 
and therefore the upper and lower bounds become tighter. 



Fig. 5: Performance of offline limited attacks in the total-energy 
model with a varying /3, for 50 jobs. In (a), energy demands are 
uniformly distributed on [1,20], the mean interarrival time is 5, 
and the mean job allowance is 40. In (b), 50 identical jobs with 
Pj = 5, Ij = 50 are generated. The interarrival times are all set to 
Ma. 

Also, observe that using a simple greedy algorithm, the 
attacker is immediately capable of achieving a cost arbitrarily 
close to Chase for our sample, with a chance of altering only 
5 jobs out of 50. 

Finally, we study offline limited attacks in the total-energy 
model in a more controlled experiment. We generate 50 
identical demands, with each requiring a 5 energy units 
and an allowance of 50. The job interarrival times are all 
set to one value, denoted by Ma, which varies between 1 
and 10. Figure gb) shows C_^axrmJ(^-max under varying 
values of ji. This enables us to gain more insights on the 
growth of Cmaxmin with respect to (5, and how this growth 
is affected by the clique densities. As shown in the figure, 
when Ma = 1, with our chosen parameters, a single clique 
of jobs could be formed to achieve the maximum cost, and 
hence, in accordance with our theoretical results, the attacker 
could achieve approximately /?^ of the maximum achievable 
cost. As Ma increases, the growth of Crnaxmin/^max with P 
approaches a linear trend. The reason is that as Ma increases, 
the size of the optimal clique partition of jobs increases, having 
approximately equally sized cliques. Hence the maximum 
cost decreases so does the contribution of each clique to the 
maximum cost. 

VII. Observations and Suggestions 

From our analytical studies and simulation results, we 
make several observations and suggestions to the operator for 
thwarting the new type of attacks that we consider in the paper. 
Information Hiding: We observe that the attacker’s capability 
is significantly constrained by the amount of information it has 
regarding the operator and the demand patterns. In particular, 
to derive the best /3, the attacker needs to know the intrusion 
detection algorithm and the key parameters such as the sig¬ 
nificance level used by the operator. Moreover, the attacker 
requires some prior information about the demands to make 
best use of its budget, such as the number of demands and 
the ranges of their values. Therefore, one efficient approach 
to reduce the damage is to properly hide these information 
from the attacker, e.g., by introducing noise into the data and 
algorithms. 

Intrusion Detection: We suggest to develop robust intrusion 
detection schemes that can strike a balance between the poten¬ 
tial loss from attacks and the cost of detection. In particular, we 
suggest to develop a better statistical modeling of time-elastic 
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demands, and study advanced stream data mining algorithms 
that can deal with the high dimension of the demand data 
set. Moreover, as we discussed above, it is useful to develop 
intrusion detection algorithms that can make it hard for the 
attacker to derive efficient parameters to use. 

Load Management: We note that the scheduling algorithm 
used by the operator has a big impact on the total energy 
cost, especially when the attacker can only compromise a small 
number of demands. We have provided efficient solutions for 
the operator in the total-energy model, but better solutions 
are needed for the constant-power model and more general 
demand models. For instance. Figure indicates that online 
limited attacks are more efficient in the constant-power model. 
We believe that this is due in part to the poor performance 
of the CR algorithm in our setting. Moreover, it is important 
to develop robust algorithms that can provide a guaranteed 
performance even when part of demands have been modified 
by adversaries. 

Robust and Adaptive Defense: We suggest to develop robust 
defense algorithms to identify the set of most critical channels 
(or smart meters) to protect. From our analysis, it is clear that 
those demands (or a set of overlapping demands) with highest 
power requirement and maximum time elasticity are most 
beneficial to the attacker, due to the large gap between Cmax 
and Crain if we consider these demands only. When these 
demands are mostly generated by a given subset of customers, 
the corresponding links can be protected to efficiently reduce 
damage. In the face of more advanced attackers, however, 
a fixed defense strategy is insufficient, as the attacker can 
always identify the weakest link in the system. Therefore, it 
is important to study adaptive defense strategies in the face of 
strategic attackers. 

VIII. Conclusion 

In this paper, we have studied the performance of the smart 
grid, in terms of energy efficiency, in the presence of an active 
attacks on the system. In the presence of a limited intrusion 
detection mechanism at the grid operator, we have proposed 
optimal scheduling and undetectable attack strategies. We have 
derived lower and upper bounds on the maximum achievable 
cost by an attacker with low complexity, online algorithms. 
Overall, our theoretical analysis and numerical results show 
that the time-elasticity of electric load, when exploited by 
malicious attacks, could result in costs significantly higher than 
those expected for both the smart grid and the current electric 
grid, motivating the need for stronger intrusion detection and 
defense strategies for grid operators. 
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Appendix 

A. Discussion of the Model 

Demand-response scheme: Our model is built upon the opti¬ 
mization framework proposed in ifT^ . Similar models where 
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customers submit their total energy demands together with 
their time elasticity have also been adopted in some recent 
works on electric vehicle charging ll25l . ES\ . We choose this 
model for the following reasons. First, various studies indicate 
that customers often prefer simpler pricing schemes, e.g., flat- 
rate pricing. Requiring every customer to submit a bidding 
curve as in more advanced pricing schemes may be difficult 
to apply in practice. Second, current pricing based demand- 
response schemes cannot model the time elasticity of electric 
load explicitly, which, however, can be utilized to reduce 
electricity cost and eventually benefit both the operator and 
the customers even under flat-rate pricing. It is an interesting 
problem to extend our studies to more sophisticated demand- 
response schemes where customers are more actively involved. 

Forecast at the operator; The demand/load forecast ca¬ 
pability of the system operator could further limit stealthy 
attacks, which is not considered in the current model. In the 
extreme case when the operator knows everything about the 
future load, an attacker cannot modify any demand without 
of being detected. In practice, however, the system operator 
only has a rough estimate about future load distribution, which 
leaves room to stealthy attacks. It is an interesting problem 
to properly model the forecast capability of the operator for 
time-elastic electric load, and extend our framework to design 
stealthy attacks that can maximize energy cost while ensuring 
the forged demands to be still consistent with the load forecast. 

Capacity constraint: In our current model, we put no limit on 
the total energy served in each time slot to study the worst-case 
damage that a stealthy attacker can possible cause. This is also 
practical when there is always sufficient energy supply and the 
available capacities of distribution lines or transformers exceed 
the peak load. When the system is under congestion, however, 
both the operator and the attacker face more challenging 
optimization problems, especially in the online setting. In fact, 
when there is zero information on future arrivals, the only 
solution, if there is one, that can ensure all the demands are 
served by their deadlines is the Earliest Deadline First (EDF) 
policy, where jobs with earliest deadlines are served as fast as 
possible subject to the capacity constraint. To obtain a more 
useful problem formulation in this new setting, one approach 
is to relax the deadline constraints of jobs, and introduce a 
utility function for customers, as we further elaborate below. 

Beyond energy cost: We have considered two demand models 
with different levels of flexibility in this work. It is possible 
to consider more general demand models as in m, where 
for each customer, there is an upper and a lower bound on the 
energy served in each time slot, together with a utility function 
defined over the resulting service vector. Alternatively, we can 
also relax the deadline constraints by introducing a penalty for 
unsatisfied demands when the system is congested. A reason¬ 
able objective for the system operator is then to maximize the 
welfare, in terms of the total customer utility minus the total 
energy cost. Such flexibility provides further opportunity for 
the operator to improve the energy efficiency, which, however, 
may also be exploited by malicious attackers to harm both 
the system and the customers. It is interesting to extend our 


stealthy attack algorithms to study the fundamental tradeoffs 
involved in this more general setting. 


B. Time-Dependent Cost Functions 

A time-invariant energy cost curve has been assumed in 
Section IV and Section Due to the dynamics on both 
demand and supply, especially the uncertainty introduced by 
the penetration of renewable energy, energy cost can exhibit 
significant time variations. It is therefore important to study the 
impact of time-dependent cost functions on both the operator 
and the attacker. In this section, we show that most of our 
previous results can be readily extended to strictly convex and 
monotone cost function C't(-) that can vary over time. 

1) Scheduling at the Operator: We first note that the 
offline YDS algorithm can be extended to time-dependent 
cost functions by replacing the notion of energy intensity 
introduced in Section IV-A| by energy derivative defined below. 
For simplicity, we further assume that C't(-) has continuous 
derivative, C't(O) = 0, and C^{0) = 0, for any t. For the 
received (forged) demands J' and an time interval [k,l], let S 
denote a locally optimal schedule with minimum energy cost 
for jobs entirely contained in [k,l], which is unique by our 
assumptions on Ct(). We define the energy derivative of the 
interval to be 


y{Ij>{k,l)) = min C'{Es{t)). (23) 

That is, the energy derivative is defined as the minimum 
marginal cost of any time slot in [k, 1] in the locally optimal 
schedule. A critical interval is then defined as an interval with 
the maximum energy derivative. We observe that from our 
assumptions about C't(-), each time slot in a critical interval 
must have the same marginal cost. Moreover, by a similar 
argument as in ll20l . it can be shown that there is an optimal 
schedule for all the jobs, where jobs in a critical interval is 
scheduled exactly as its locally optimal schedule. It follows 
that Algorithm can be extended to get an optimal offline 
schedule for time-dependent cost by replacing energy intensity 
by energy derivative. 

We further note that when Ct{E) = ctE^,b G K,6 > 1, 
there is an online scheduling algorithm for the total energy 
model that achieves a competitive ratio of O(b^) ll28l . as¬ 
suming that upon the arrival of any job j, the cost functions 
up to dj are known to the operator. The algorithm extends 
AVR and looks for a minimum cost allocation for each new 
request on its arrival, given the previous scheduled requests 
while ignoring the future arrivals. 

2) Scheduling at the Attacker: For time-dependent cost, we 
show that Algorithm can be readily extended to obtain an 
optimal offline attack under the total energy model. First, the 
optimal attack still corresponds to a clique partition of the set 
of jobs since Femma [T] is proved for the general case and 
Femma only depends on Femma although in this new 
setting, all the jobs in a clique should be compressed to a 
time slot that achieves the maximum cost among all the time 
slots where the job intervals intersect. For any clique K, let tji 
denote such a time slot. Define the marginal cost of K as the 
derivative of the cost function at tjc after serving all the jobs 
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in K. Lemma can then be proved for time-dependent cost 
by considering the clique Ki with the maximum marginal cost 
in a clique partition. If Ki is not locally maximal at , then 
a job j that intersects . can be moved from another clique 
to Ki without decreasing the total cost. It also follows that 
Theorem [T] still holds. Hence, Algorithmcan be extended to 
time-dependent cost functions. 

Since Algorithmis derived from Algorithm]^ it can also 
be extended to derive online full attacks under time-dependent 
cost and the total energy model. Moreover, the performance 
bound in Theorem can be generalized as follows. Assume 
Ct{E) = ctE'^,b G M, 6 > 1. Define Cmax = maxt q and 
Cmin = mint Ct- Then the online algorithm achieves at least a 
fraction - 5 ^ of the offline optimal cost. 

For limited attacks, we remark that Algorithm ffl can be 
readily extended to time-dependent cost while achieving the 
same lower bound as ( |20| ). On the other hand, the upper bound 
does not apply anymore as Theorem does not hold in this 
new setting. For online limited attacks. Algorithm can be 
extended to time-dependent cost. Finally, similar results can 
be derived for the constant-power model as well. 

C. Algorithm 2 (Offline Full Attacks) 

For all k G [1,T], set the initial condition 



(24) 


With increasing interval width, iterate over all intervals 
\kfl]^k < l,k,l G [0,T], and apply the following dynamic 
program: 

1 ) Comnute 



with z* achieving the optimality. 


2) Update the clique partition 



Q(k, z* — 1) U K^ I U Q{z* + 1, /), otherwise. 





